Open in app

Sign in

Write

Sign in

Playground labs: Kapital DAO audit summary

Aleksandra Yudina
Ackee Blockchain
Published in
2 min readAug 4, 2023

Kapital DAO builds SaaS tools used by the world’s largest guilds and games to onboard players and improve asset management, all powered by the KAP token.

Playground Labs engaged Ackee Blockchain to conduct a security review of Kapital DAO with a total time donation of 10 engineering days. The review took place between September 14, 2022, and December 2, 2022.

METHODOLOGY

We began our review using static analysis tools, namely Slither , Woke and the solc compiler. We then took a deep dive into the logic of the contracts. Deployed the contracts using Brownie and tested them. During the review, we paid particular attention to:

  • ensuring the interactions with the oracle are correct
  • checking voting weight calculation
  • analysis of locking mechanisms
  • analysis of the upgrade process
  • simulation of the upgrade process
  • detecting possible reentrancies in the code
  • ensuring access controls are not too relaxed or too strict
  • looking for common issues such as data validation.

SCOPE

The scope was full-repository and the security review was focused on the GovernanceV2 deployment/upgrade process and the reintroduction of staked UniswapV2 KAP/ETH liquidity provider token voting.

The commit for the given scope was: a8fe3c9 .

FINDINGS

Critical severity

No critical severity issues were found.

High severity

No high severity issues were found.

Medium severity

M1: The VESTING_CREATOR role can vote multiple times

M2: Governance can lock funds forever

M3: Dynamic changes of the lock period

Low severity

L1: Lack of project identifier for address validation

Warning severity

W1: Pitfalls of upgradeability

W2: Execute could not be triggered if there are burned a lot of KAP tokens

Informational severity

I1: Boost can only be turned off

I2: Missing code comments

I3: Ambiguous error messages

CONCLUSION

Our review resulted in 9 findings, ranging from to severity. The more severe issues are connected to the Trust model .

We recommend Playground Labs to:

Ackee Blockchain’s full Playgorund Labs audit report with a more detailed description of all findings and recommendations can be found here.

We were delighted to audit Playground Labs and look forward to working with them again with them.

Originally published at https://ackeeblockchain.com on August 4, 2023.

Blockchain
Crypto
Cybersecurity
Smart Contracts
Smart Contract Auditing

--

--

Aleksandra Yudina
Ackee Blockchain

Written by Aleksandra Yudina

7 Followers
Writer for

Web3 enthusiast

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams